Latest Information Security news from ireland and around the world

Thanks to Jagadeesh Chandraiah and Ferenc László Nagy of SophosLabs for their behind-the-scenes work on this article.

Android users take note: spyware called Lipizzan has infected up to 100 devices and can monitor phone activity while extracting data from popular apps.

That doesn’t sound like a huge number of devices, but as researchers elsewhere have noted, this looks like targeted, precision malware rather than a broad data-stealing tool. Google’s Android Developers’ blog said that “Lipizzan’s code contains references to a cyberarms company, Equus Technologies”, whose LinkedIn page says it’s a company “specializing in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organizations”.

Lipizzan appeared on Google Play as an innocent-looking app with names like “Backup”, “Cleaner” and “Notes”.

Researchers described Lipizzan as a multi-stage spyware product capable of monitoring and exfiltrating a user’s email, SMS messages, location, voice calls, and media. Twenty Lipizzan apps were distributed in a targeted fashion to 100 or so devices. Google has blocked the developers and apps from the Android ecosystem, and Google Play Protect has removed it from the infected phones.